Cyber Incident Victim: Media Today
Date: Jun 2022
Location: Australia
Summary
Australia's largest Chinese-language media platform experienced a cyberattack on its registration system from coordinated overseas IP addresses. The attackers attempted to abuse SMS verification codes to reset passwords and compromise user accounts. They generated 20 million password reset requests, which triggered verification messages to approximately 110,000 users. The organization confirmed that no accounts were actually breached: the unauthorized reset attempts remained in a pending state, and the codes, sent directly to users' devices, could not be intercepted. Law enforcement opened an investigation, and the platform maintained that user data remained uncompromised despite the large-scale automated attack.
Description
On June 8, 2022, Australia’s largest Chinese-language media platform, Media Today, experienced a cyberattack targeting its Australia Today app between 1:00 AM and 8:00 AM AEST. The attack originated from IP addresses linked to the United States, Canada, and Hong Kong, focusing on the platform’s registration system. Hackers attempted to exploit SMS verification codes to reset user passwords and gain unauthorized access to accounts. Media Today confirmed the attackers generated automated requests to trigger password reset verifications, resulting in approximately 110,000 users receiving unsolicited SMS codes. The company clarified this did not indicate a breach of account credentials or phone numbers, characterizing it as a randomized effort to test Australian phone numbers on their systems. Attackers made 20 million password reset attempts during the seven-hour incident. Media Today assured users the verification codes remained secure, as they were sent directly to mobile devices and could not be intercepted or used by the hackers. All malicious reset requests remained in a “pending” state, preventing account compromises. The platform, founded in 2011 and serving 1.2 million daily users, emphasized no corrective action was required from affected individuals.

Australian law enforcement agencies initiated an investigation into the attack following Media Today’s disclosure. The company maintained its infrastructure defenses prevented unauthorized account access, reiterating that user account security was not compromised. No data exfiltration or secondary disruptions to Media Today’s services were reported. The incident highlighted the platform’s prominence as a communication channel for Chinese Australians, though operational impacts appeared limited. Media Today’s public statements focused on transparency regarding the attack methodology while downplaying risks to subscribers. The scale of the automated attempts—20 million requests within hours—underscored the attackers’ persistence but did not result in functional system breaches. No threat actor claimed responsibility, and the investigation remained ongoing at the time of reporting.
